Privacy Policy

This website is operated by Personio Foundation e.S., a Germany-based organization that provides financial and strategic support to nonprofit organizations and social enterprises. We prioritize the protection of your personal data collected on this site, adhering to data protection laws such as the General Data Protection Regulation (GDPR). This data privacy policy is provided to inform you how we handle your personal data collected on this website.

Contents

Data Controller
Access and activity logs (“server logs”)
Error logs
Forms
Trusted Third Parties
International Data Transfers
Rights of Data Subjects
Data Protection Officer

Data Controller

The controller under data protection law is:

Personio Foundation (Stiftung)
Seidlstrasse 3
80335 München
Data protection contact: info@personio.foundation

Access and Activity Logs (“Server Logs”)

Each access to this website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is pseudonymous and thus does not allow for inferences about the identity of an individual.

Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary for security reasons, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is section 15 subsection 1 of the German Telemedia Act (TMG), as well as article 6 (1) f) of the GDPR.

Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web.

These access logs are stored for a period of up to 30 days. There is no right to object to this.

Error Logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is pseudonymous and thus does not allow for inferences about the identity of an individual. The legal basis for this is section 15 subsection 1 of the German Telemedia Act (TMG), as well as article 6 (1) f) of the GDPR.

When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected.

These error logs are stored for a period of up to 90 days. There is no right to object to this.

Forms

If you sign up via our Newsletter Form, then we store your email address and use this to contact you with updates regarding Personio Foundation. Your email address is not made public or disclosed to third parties.

Collected data: Email address, first name, last name, type of organization, name of organization

Purpose of use: Sending of updates regarding Personio Foundation as requested

Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. For the Newsletter Form, the data are stored as long as it is expected that updates will be sent and as long as you have not objected to the use of your data.

Legal basis: article 6 (1) a) GDPR – consent

Revocation: You can unsubscribe from our updates at any time using a link included in each issue. We will then delete your email address from our distribution list. As an alternative, you can also unsubscribe from our newsletter at any time by sending an email to info@personio.foundation

Trusted Third Parties

As part of our business operations and to provide certain services, we use service providers. This happens in marketing and customer support, for online surveys, chat and map services, display of videos, operating the website (cookie banner, security and provision), search in community posts and more. Do not worry though, we have concluded data processing agreements (DPA) with the service providers and when we transfer your data to third countries, we ensure that it is adequately safeguarded. This is achieved through either countries approved by the EU as safe (adequacy decision), specific approved contracts (standard contractual clauses), or by seeking your explicit consent when necessary.

Personio may disclose personal data collected in the scope of this privacy policy to members of its corporate group (“Affiliates”) – where this involves a transfer of your data to third countries outside the UK/European Economic Area (“EEA”)/Switzerland, we will ensure that it is adequately safeguarded (see the International Data Transfers section below for more information). Personio may also disclose relevant personal data if it is required to do so by law or legal process or in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements.

International Data Transfers

We may disclose data collected within the scope of this privacy policy to third parties that are located in countries outside the UK/EEA/Switzerland, including our Affiliates. Our customer data is exclusively stored in the European Union.

Some of those countries may not have the same data protection laws as the UK/EEA/Switzerland. In particular, those countries may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data. However, when transferring your personal data outside the UK/EEA/Switzerland, we will comply with our legal and regulatory obligations in relation to your personal data, including (as necessary) having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data. We will also take appropriate steps to ensure the security of your personal data in accordance with applicable data protection laws.

When transferring your personal data outside the UK/EEA/Switzerland, we will, where required by applicable data protection laws, ensure that at least one of the following safeguards is implemented: (1) we will only transfer your personal data to countries or organisations that have been deemed to provide an adequate level of protection for personal data by the UK and/or Swiss Government or the European Commission, as applicable; or (2) we will use specific contracts approved by the UK and/or Swiss Government or the European Commission, as applicable, commonly known as the “Standard Contractual Clauses” or “SCCs”, which give personal data the same protection it has in the UK/Switzerland and the EEA. Please contact us if you would like further information on the specific mechanisms used by us when transferring your personal data outside the UK/EEA/Switzerland.

In addition, where we disclose personal data that we process in connection with any of our affiliates’ participation in the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and/or the Swiss-U.S. Data Privacy Framework, we remain liable under those frameworks in relation to our onward transfer of personal data to those entities, unless we can show that we are not responsible for the event giving rise to the damage.

Personio Corp. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Personio Corp. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Personio Corp. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

As part of our commitment to the EU-U.S. Data Privacy Framework, we provide individuals with the ability to choose how their personal data is used and shared. We respect your rights to make informed decisions about your personal information and offer the following choices:

a. Opt-Out of Marketing Communications: You have the right to opt-out of receiving marketing communications from us at any time. You can do this by following the unsubscribe instructions included in our emails or by contacting us directly.

b. Data Sharing with Third Parties: We will not disclose your personal data to third parties for purposes other than those specified in this policy without your explicit consent, except as required by law. You have the option to object to the sharing of your data with third parties.

c. Access and Update Personal Information: You have the right to access and update your personal information. You also have the right to review, correct, or delete your personal data.

d. Withdrawal of Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

In order to exercise your rights and choices you can use the contact form provided in the section on “Data Subject Rights” set out below. By providing these choices, we aim to give you greater control over your personal information and ensure transparency in how we handle your data in compliance with the EU-U.S. Data Privacy Framework.

If there is any conflict between the terms of this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (“DPF Principles”), the DPF Principles shall prevail. To learn more about the Data Privacy Framework (DPF) program, and to view our certification(s), please visit https://www.dataprivacyframework.gov/.

Rights of Data Subjects

First, you have the right to be informed. This is the purpose of this privacy notice, but this is not all there is. You can exercise your right to information about the very data we process from you, the right to rectification, erasure or restriction of processing.

If you wish, you can obtain a copy of the data and you can also withdraw a given consent at any time for the future. Under certain circumstances, you can object to the processing of your data too. In particular, in the case of direct marketing or when we process data for our legitimate interests.

Lastly, you have the right to lodge a complaint.

Data Protection Officer

Our DPO is:

Bitkom Servicegesellschaft mbH
Albrechtstraße 10
10117 Berlin
E-Mail: datenschutz@bitkom-consult.de